Most home Wi-Fi networks today use a single pre-shared key (e.g., a password) for authentication and encryption (e.g., WPA-PSK). Using a single pre-shared key may work well when all devices on the network are fully trusted, but in practice this is often not the case. In many home scenarios, it is common for a guest to ask for a Wi-Fi network's password so that the guest can get Internet access on their laptop or mobile device. Unfortunately if a Wi-Fi administrator gives the guest the Wi-Fi password, the guest may gain the capability to capture and decrypt link-layer communication for all device traffic on that Wi-Fi network.
Other related problems may also exist when using a pre-shared key for Wi-Fi network authentication and encryption. For example, a Wi-Fi administrator may need to trust that, once a guest that has been provided with a Wi-Fi network's pre-shared key no longer needs access to the Wi-Fi network, the guest does not give away the pre-shared key by accident or on purpose. Additionally, since a pre-shared key may be used as an authentication mechanism, it may be difficult to set different access controls on the devices connected to a Wi-Fi network if the devices use the same pre-shared key.
Some access-point technologies use WPA-ENTERPRISE in an attempt to resolve many of the above-mentioned issues with using pre-shared keys to secure access to Wi-Fi networks. In general, WPA-ENTERPRISE provides each guest of a Wi-Fi network a separate username and password, which may enable each guest to be individually managed. However, using WPA-ENTERPRISE to secure access to Wi-Fi networks typically requires an administrator to set up and manage an authentication server (e.g., a RADIUS server) for account management, which is generally too complicated for the average home Wi-Fi administrator. Although, some home access points may include an embedded authentication server, an administrator may still be required to log into the access point to create an account for each guest that wishes to connect to the access point. Accordingly, the instant disclosure identifies and addresses a need for additional and improved systems and methods for provisioning access-point accounts.